ADTRAN L768 user manual Security/PPP, Security/Filter Defines

Chapter 3: Terminal Menu Operation and Structure

respond within the retry count, the PPP peer (or Telnet session) is not authen- ticated and is dropped. The default is 5.

Security/PPP

Write security: 1; Read security: 2

The PPP peer can be authenticated using three standard methods: PAP (Pass- word Authentication Protocol), CHAP (Challenge Handshake Protocol) and EAP (Extensible Authentication Protocol). The strength of the authentication is determined in the order EAP, CHAP, followed by PAP, where EAP is the strongest and PAP is the weakest. PAP is a clear-text protocol, which means it is sent over the PPP link in a readable format. Care must be taken not to al- low highly sensitive passwords to become compromised using this method. CHAP and EAP use a one-way hashing algorithm which makes it virtually im- possible to determine the password. EAP has other capabilities which allow more flexibility than CHAP.

The following selections are possible:

PAP, CHAP or EAP (def) - The Express L768/L1.5 will ask for EAP during the first PPP LCP negotiation and allow the PPP peer to negotiate down to CHAP or PAP.

CHAP or EAP - The Express L768/L1.5 will ask for EAP during the first PPP LCP negotiation and allow the PPP peer to negotiate down to CHAP but not PAP.

EAP - The Express L768/L1.5 will only allow EAP to be negotiated. If the PPP peer is not capable of doing EAP, then the connection will not succeed.

Security/Filter Defines

The Express L768/L1.5 can filter packets based on certain parameters within the packet. The method used by the Express L768/L1.5 allows the highest flexibility for defining filters and assigning them to a profile. The filters are set up in two steps: (1) defining the packet types, and (2) adding them to a list un- der the PPP profile or DLCI map. See the section DLCI Mapping/Filters on page 54 for examples of how to set up filter profiles. This menu is used to de- fine the individual filter defines based on packet type.